Hi, thanks, i removed the line in the source code and now it's working with IE9/openssl client. Opera has some issues when only TLS 1.2 is selected but i think this is an Opera issue.
Michael 2011/9/29 Dr. Stephen Henson <st...@openssl.org>: > On Thu, Sep 29, 2011, Michael Haas wrote: > >> Hello, >> >> i tried to enable TLS1.1 + TLS1.2 on Apache 2.2.21 with >> openssl-1.0.1-stable-SNAP-20110927 but didn't succeed. >> TLS 1.1 is working as excpected but TLS 1.2 not. I don't get a >> connection with TLS1.2, tried IE9 and Opera. >> Should TLS 1.2 work already with openssl 1.0.1 or is only the >> implimentation of TLS 1.1 finished? >> >> I get the following error in the apache log with >> openssl s_client -tls1_2 -CAfile SSL_CA.pem -connect XXX.XXX.XXX.XXX:443 >> SSL Library Error: 336151598 error:1409442E:SSL >> routines:SSL3_READ_BYTES:tlsv1 alert protocol version >> > > TLS v1.2 is disabled by default at present but can be reenabled at runtime or > with a minor change to OpenSSL. > > In ssl/ssl_lib.c remove the line: > > ret->options |= SSL_OP_NO_TLSv1_2; > > Or in the application call: > > SSL_CTX_clear_options(ctx, SSL_OP_NO_TLSv1_2); > > Steve. > -- > Dr Stephen N. Henson. OpenSSL project core developer. > Commercial tech support now available see: http://www.openssl.org > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List openssl-users@openssl.org > Automated List Manager majord...@openssl.org > ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
